|
Posted by Paul Adare on November 14, 2008, 8:39 am
Please log in for more thread options
On Fri, 14 Nov 2008 13:45:58 +0100, tashi wrote:
show/hide quoted text
> The certificate request is generated from a SAP System. The SAP Admin
> gave me the request to sign it.
> In Details, Certificate Template Name there is the Entry WebServer. This
> is the standard Web Server Template. I use the CA Web Service to sumbit
> the request.
Try using certreq.exe to submit the request rather than the web page.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
|
|
Posted by Brian Komar on November 14, 2008, 2:38 pm
Please log in for more thread options
Also, make sure that you have restarted certificate services after the
changing of the registry keys.
Finally, you can check out the requested validity period by SAP by running
the following command:
show/hide quoted text
certutil -dump request.csr > dump.txt
then view the contents of dump.txt
Brian
show/hide quoted text
> On Fri, 14 Nov 2008 13:45:58 +0100, tashi wrote:
>> The certificate request is generated from a SAP System. The SAP Admin
>> gave me the request to sign it.
>> In Details, Certificate Template Name there is the Entry WebServer. This
>> is the standard Web Server Template. I use the CA Web Service to sumbit
>> the request.
> Try using certreq.exe to submit the request rather than the web page.
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
|
|
Posted by tashi on November 17, 2008, 7:42 am
Please log in for more thread options Brian Komar schrieb:
show/hide quoted text
> Also, make sure that you have restarted certificate services after the
> changing of the registry keys.
> Finally, you can check out the requested validity period by SAP by
> running the following command:
> certutil -dump request.csr > dump.txt
> then view the contents of dump.txt
> Brian
>
>> On Fri, 14 Nov 2008 13:45:58 +0100, tashi wrote:
>>> The certificate request is generated from a SAP System. The SAP Admin
>>> gave me the request to sign it.
>>> In Details, Certificate Template Name there is the Entry WebServer. This
>>> is the standard Web Server Template. I use the CA Web Service to sumbit
>>> the request.
>> Try using certreq.exe to submit the request rather than the web page.
>> --
>> Paul Adare
>> MVP - Identity Lifecycle Manager
>> http://www.identit.ca
>
I tried certreq -submit -attrib "CertificateTemplate:Webserver"
show/hide quoted text
<filename> but I get still two years validity. I also tried requesting a
certificate over a IIS. Same here.
I do certutil -dump command. But I can`t see any validity time. But SAP
Admin tells me the request is configures for 20 years validity.
I restart the CA Server and even the Server. But It does not work. And I
also do the following certutil commands:
certutil -getreg ca\validityperiod
certutil -getreg ca\validityperiodunits
And they tell me my correct configured validity time. As done in the
registry.
|
|
Posted by Paul Adare on November 17, 2008, 8:42 am
Please log in for more thread options On Mon, 17 Nov 2008 13:42:12 +0100, tashi wrote:
show/hide quoted text
> I tried certreq -submit -attrib "CertificateTemplate:Webserver"
> <filename> but I get still two years validity. I also tried requesting a
> certificate over a IIS.
The point with certreq was not use a template. If you use the Webserver
template you're going to get a 2 year cert no matter what you do as that is
the lifetime for a Webserver template.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
|
|
Posted by tashi on November 17, 2008, 10:12 am
Please log in for more thread options Paul Adare schrieb:
show/hide quoted text
> On Mon, 17 Nov 2008 13:42:12 +0100, tashi wrote:
>
>> I tried certreq -submit -attrib "CertificateTemplate:Webserver"
>> <filename> but I get still two years validity. I also tried requesting a
>> certificate over a IIS.
>
> The point with certreq was not use a template. If you use the Webserver
> template you're going to get a 2 year cert no matter what you do as that is
> the lifetime for a Webserver template.
>
If I dont use a Template, I get the following Error:
"The request contains no certificate template information"
Our CA is a Enterprise CA not Stand-alone. I read in the Technet,
Enterprise CA needs Templates to sign a request.
|
| Similar Threads | Posted | | renew root ca to extend validity period | January 25, 2010, 12:01 pm |
| ca - certificate validity question | November 8, 2008, 5:32 am |
| certificate validity in Certificates MMC snap-in | October 4, 2005, 4:27 pm |
| utility to check certificate validity | October 5, 2005, 8:51 am |
| Certificate template validity extension | September 23, 2009, 6:55 am |
| A Standard windows server 2003 security question | July 27, 2009, 1:06 pm |
| Windows 2003 Standard Edition & Microsoft.XMLHTTP Question | September 30, 2006, 10:25 pm |
| SCEP - Network Device Enrollment Service on Windows 2008 Standard | March 31, 2008, 10:32 am |
| Could not start the Windows Time Error 1300 | June 22, 2005, 10:03 am |
| Windows 2008 Standard : make a group a member of a group not possible ? | September 25, 2009, 10:47 am |
|
XML Sitemap
> gave me the request to sign it.
> In Details, Certificate Template Name there is the Entry WebServer. This
> is the standard Web Server Template. I use the CA Web Service to sumbit
> the request.